Cyber Resilience

CVE-2025-68968

High

Published: 14 January 2026

Modified: 15 January 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (1.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-68968 is a high-severity Double Free (CWE-415) vulnerability in Huawei HarmonyOS. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 1.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-68968 is a double free vulnerability (CWE-415) in the multi-mode input module affecting Huawei consumer products. Published on 2026-01-14T03:15:51.740, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation may affect the input function.

A local attacker with low privileges can exploit this vulnerability with low complexity and without user interaction. Exploitation could have a high impact on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise within the affected input function.

Huawei has published support bulletins addressing this issue, available at https://consumer.huawei.com/en/support/bulletin/2026/1// and https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//, which likely detail patches or mitigation steps for affected consumer and laptop devices.

Vulnerability details

Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Double-free memory corruption in the local input module directly enables arbitrary code execution by a low-privileged attacker, which maps to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-68960 (same product: Huawei HarmonyOS)
CVE-2024-56451 (same product: Huawei HarmonyOS)
CVE-2025-68957 (same product: Huawei HarmonyOS)
CVE-2025-68956 (same product: Huawei HarmonyOS)
CVE-2026-24930 (same product: Huawei HarmonyOS)
CVE-2026-24926 (same product: Huawei HarmonyOS)
CVE-2024-56439 (same product: Huawei HarmonyOS)
CVE-2025-68958 (same product: Huawei HarmonyOS)
CVE-2024-57955 (same product: Huawei HarmonyOS)
CVE-2026-24925 (same product: Huawei HarmonyOS)

Affected Assets

Vendor: huawei · Product: harmonyos · Version: 6.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: SI-2 requires identification, reporting, and correction of system flaws like this double free vulnerability through timely patching as detailed in Huawei support bulletins.

prevent: SI-16 implements controls to minimize the impact of memory-related flaws such as double frees, preventing unauthorized access and exploitation attempts.

prevent: SI-10 validates and sanitizes inputs to the multi-mode input module, reducing the likelihood of triggering the double free vulnerability via malformed local inputs.
